EUVD-2022-37321

Malicious code in bioql PyPI...

Design/Logic Flaw

An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...

DEBIAN-CVE-2016-5714

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol PXP Command...

Apache Cordova fails to restrict access permissions

Overview Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied. Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a...

CVE-2015-4518

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy CSP protection mechanism and conduct cross-site scripting XSS attacks via vectors involving SVG animations and the about:reader...

applican vulnerable to URL whitelist bypass

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the...